Cyberattack warning urges docs’ security refresher

A data breach on par with last year's retail sector calamity is a possibility for the health care industry—that is the prevailing thought of cybersecurity analysts.

"All optometrists who use computers in the practice and off-site for patient care are liable for cyberattacks."

American Medical Association (AMA) Board President Robert Wah, M.D., who works for a technology firm, sounded alarm bells when he told Politico last week that hackers are seeking health records for the chance to steal more protected data at a lower risk.

"So who carries the burden and liability of losing an iPad, computer or device with patient data? Or who is responsible after a cyberattack? Unfortunately, the answer is you," writes Chad Fleming, O.D., AOAExcelTM Business and Career Coach. "All optometrists who use computers in the practice and off-site for patient care are liable for cyberattacks."

Health data figures to be the next target owing in part to the wealth of personal information, and the comparatively lax cybersecurity compared with financial and retail sectors, according to an FBI notice to care providers acquired by Reuters.

"Therefore, the possibility of increased cyber intrusions is likely," the FBI notice stated.

Take appropriate security measures Failure to adequately protect patient medical records is a costly experience. Recovering lost data can cost upwards of $240 per record, according to industry data, and that's an expense that quickly accrues.

Review these recommendations from AOAExcelTM to protect patient data and your practice from prying digital fingers.

Ensure electronic patient information is encrypted. Basic passwords won't cut it when it comes to hi-tech hackers, so activate the encryption program that most electronic health record (EHR) systems already offer;

Review the HIPAA Privacy and Security rules. Optometrists who transmit information in an electronic format, such as a claim to Medicare or other payers, are considered covered entities under HIPAA, and should be aware of the HIPAA Privacy and Security Rules.